Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
11/27/2018
09:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

See the Future of Cybersecurity at Black Hat Europe

New tools, techniques, and a plan for training a new generation of crack security experts are all in the cards for attendees of Black Hat Europe in London next week.

Black Hat Europe kicks off in London next week, and it promises to deliver a melting pot of cybersecurity experts from around the world. If you want to get an early look at the tools, techniques, and training regimens that will shape this next generation of cybersecurity, the The Excel in London is the place to be.

Notably, make time to check out the Briefing No Free Charge Theorem 2.0: How to Steal Private Information from a Mobile Device Using a Powerbank . Modern smartphones are often gold mines of private information (including banking data, emails, and passwords), and now it’s quite common for owners to plug their smartphones into public charging stations to get a bit of juice on the go. Despite preventive measures implemented by Android's developers to prevent data transfer via USB cable (i.e. “charging only" mode), researchers have been able to exploit a hidden communication channel which leverages only the electrical current provided for charging the smartphone. They will  show you how they do it during this special Black Hat Europe Briefing.

Of course, such tricks aren’t much use against trained professionals, and in a 50-minute Briefing on Evolving Security Experts Among Teenagers you’ll learn about Rezillon’s plan to foster a new generation of cybersecurity experts. Such efforts are critical if we want to avoid a significant labor shortage in the future, and this Briefing will show you how to build a framework of programs and groups, with the support of government, industry, and community for the sole purpose of creating a new generation of experts inventing the next big thing.

Delitor’s OSINT Techniques And Methodology 2-Day Training promises to demonstrate multiple free online resources that break through traditional search roadblocks. Participants will not only learn how to "dig" into the Internet for personal information about any target but also how to connect attributes across multiple open source data points. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available for researching personal information. The participants will then take all resources available to them and learn how to create their own methodology through practical exercises.

If you favor a more automated approach, consider checking out The Security Automation Lab, where you’ll learn how to automate the discovery and protection of security weaknesses while automatically responding to incidents and gaining visibility into the areas where further security automation can be enhanced. Presented by Threat Intelligence, this 2-Day Training will help you create your own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches.

If you’re looking to beef up your mobile arsenal, stop by the Black Hat Europe Arsenal to catch a demo of Mafia: Mobile Security Automation Framework for Intelligent Auditing. Mafia is designed to automate a tricky process by performing end-to-end security testing for a given mobile app, creating a self-serve tool for developers and security engineers. Mobile applications are critical when it comes to vulnerabilities in a production environment, and Mafia is meant to take some of the hassle out of finding and fixing those vulnerabilities.

Uitkyk: Identifying Malware via Runtime Memory Analysis is another Arsenal demo worth taking, as it purports to be the first Android framework that allows for its implementers to identify Android malware according to the instantiated objects on the heap for a particular process. Uitkyk does not require the APK of the application to be scanned to be present to identify malicious behavior. Instead, it makes use of runtime memory analysis to detect behavior which normally cannot be identified by static analysis of Android applications. Don’t miss it!

Black Hat Europe returns to The Excel in London December 3-6, 2018. For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31476
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han...
CVE-2021-31477
PUBLISHED: 2021-06-16
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-...
CVE-2021-32690
PUBLISHED: 2021-06-16
Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This...
CVE-2021-32691
PUBLISHED: 2021-06-16
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within th...
CVE-2021-32243
PUBLISHED: 2021-06-16
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).